PT-2006-1917 · Mambo · Mambo

James Bercegay · Published 2006-02-24 · Updated 2011-03-07 · CVE-2006-0871

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Mambo versions 4.5.3 through 4.5.3h
Mambo versions prior to 4.5.3

Description

The issue allows remote attackers to read and include arbitrary files via the mos_change_template parameter in the setTemplate function.

Recommendations

For Mambo versions 4.5.3 through 4.5.3h, consider restricting access to the setTemplate function until a fix is available. For Mambo versions prior to 4.5.3, consider updating to a version that is not affected by this issue or restricting access to the setTemplate function. As a temporary workaround, avoid using the mos_change_template parameter in the affected function until the issue is resolved.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2006-0871

Affected Products

Mambo